Cl0p ransomware group says it was behind Cleo attacks
Date:
Mon, 16 Dec 2024 15:25:00 +0000
Description:
The threat actor confirms its involvement, saying it has its own "regulations".
FULL STORY ======================================================================
Cl0p confirmed abusing Cleo to target organizations
The group said it deletes all government and healthcare data
The same threat actor was behind the MOVEit cyberattack
Cl0p ransomware, the hacking group that was responsible for the infamous MOVEit data leak fiasco, has now claimed it was also behind the recent Cleo attacks.
Security researchers from Huntress recently revealed three managed file transfer (MFT) products from Cleo were carrying an unrestricted file upload and download vulnerability that could lead to remote code execution (RCE).
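To make the vulnerability class named above concrete, here is an added example (not Cleo's code, not from Huntress, and not a description of how CVE-2024-50623 itself works internally): a hypothetical upload handler that trusts the client-supplied file name, beside a hardened version. The upload root, the allowed extensions and the sample file names are constructed for the illustration. The point for defenders is that "unrestricted" means two things at once: the client picks where the file lands (path traversal out of the upload directory) and what kind of file it is (any extension, including ones the server might later execute or load).

```python
"""Unrestricted vs. restricted file upload path handling (added example)."""
from pathlib import Path, PurePosixPath

# Assumed layout for the example (constructed placeholders): uploads go in
# one directory, and anything the server executes or auto-loads lives
# outside it.
UPLOAD_ROOT = Path("/srv/mft/uploads")
ALLOWED_SUFFIXES = {".csv", ".xml", ".txt", ".zip"}


def vulnerable_target(user_filename: str) -> Path:
    """Unrestricted: joins the client-supplied name verbatim.  A name such
    as '../autorun/run.cmd' escapes the upload root, and an absolute name
    replaces the root entirely; no extension check is applied either."""
    return UPLOAD_ROOT / user_filename


class RejectedUpload(ValueError):
    """Raised by safe_target() for any name that fails validation."""


def safe_target(user_filename: str) -> Path:
    """Hardened: keep only the final path component, allow-list the
    extension, then prove the resolved path is still inside UPLOAD_ROOT."""
    # Normalise Windows separators so '..\\..\\x' cannot slip past .name
    name = PurePosixPath(user_filename.replace("\\", "/")).name
    if not name or name in (".", "..") or name.startswith("."):
        raise RejectedUpload(f"bad filename: {user_filename!r}")
    if PurePosixPath(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise RejectedUpload(f"disallowed extension: {name!r}")
    candidate = (UPLOAD_ROOT / name).resolve()
    # resolve() collapses '..' and follows symlinks; relative_to() raises
    # if the result no longer sits under the upload root.
    try:
        candidate.relative_to(UPLOAD_ROOT.resolve())
    except ValueError:
        raise RejectedUpload(f"path escapes upload root: {user_filename!r}")
    return candidate


def escapes_root(target: Path) -> bool:
    """True if the resolved target lies outside UPLOAD_ROOT."""
    try:
        Path(target).resolve().relative_to(UPLOAD_ROOT.resolve())
    except ValueError:
        return True
    return False


def is_accepted(user_filename: str) -> bool:
    """Convenience wrapper: would safe_target() accept this name?"""
    try:
        safe_target(user_filename)
    except RejectedUpload:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample names, including traversal and a non-data extension
    for sample in ("report.csv", "../autorun/run.cmd", "/etc/passwd",
                   "..\\..\\evil.xml", "shell.jsp"):
        v = vulnerable_target(sample)
        print(f"{sample!r}: unrestricted -> {v} (escapes root: "
              f"{escapes_root(v)}), restricted -> {is_accepted(sample)}")
```

Note that the hardened version neutralises traversal rather than merely rejecting it: `..\\..\\evil.xml` is stored as `evil.xml` inside the upload root. Whether to reject such names outright instead is a policy choice; either way the file can no longer land in a directory the server treats as executable.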
The bug is tracked as CVE-2024-50623 and was found in LexiCom, VLTransfer, and Harmony. Cleo released a patch for it in October 2024, but apparently it wasn't effective.

The attack "project"
Huntress also said it had spotted at least two dozen compromised organizations, as the flaw was being actively exploited in the wild:
"Victim organizations so far have included various consumer product companies, logistics and shipping organizations, and food suppliers," Huntress said in its writeup, adding that countless other companies are at risk.
Soon after Huntress' announcement, the US Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog, confirming the findings and giving federal agencies three weeks to patch or stop using the tools entirely.
At first, the attack was not attributed to any particular group, since the evidence was inconclusive. However, over the weekend, BleepingComputer contacted Cl0p, which confirmed it was behind the attacks:
"As for CLEO, it was our project (including the previous cleo) - which was successfully completed," the group told the publication. "All the information that we store, when working with it, we observe all security measures. If the data is government services, institutions, medicine, then we will immediately delete this data without hesitation (let me remind you about the last time when it was with moveit - all government data, medicine, clinics, data of scientific research at the state level were deleted), we comply with our regulations."
Clearly, Cl0p does not want to dabble in government or healthcare data, since that incurs the wrath of law enforcement, and most ransomware actors that went after government or healthcare data ended up dismantled, or at least seriously disrupted.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/cl0p-ransomware-group-says-it-was-behind-cleo-attacks
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)